Skip to content
Snippets Groups Projects
Commit bd1b06df authored by Karolina's avatar Karolina
Browse files

Issue #3468209 by karolinam, iwayMan: Users can 'Add child' link even if they...

Issue #3468209 by karolinam, iwayMan: Users can 'Add child' link even if they don't have the add new links permission
parent 17ec7dfe
No related branches found
No related tags found
1 merge request!3Issue #3468209: Users can 'Add child' link even if they don't have the add new links permission
......@@ -59,6 +59,14 @@ function menu_perms_per_menu_form_menu_edit_form_alter(&$form, FormStateInterfac
/** @var Drupal\system\Entity\Menu */
$menu = $form_object->getEntity();
// If menu is empty and message contains "Add link".
if (isset($form['links']['links']['#empty'])) {
if (!$account->hasPermission('add new links to ' . $menu->id() . ' menu from menu interface') && str_contains($form['links']['links']['#empty'], "Add link")) {
// Remove "Add link" url.
$form['links']['links']['#empty'] = preg_replace('/<a href="[^"]*">Add link<\/a>\./', '', $form['links']['links']['#empty']);
}
}
// For each link listed in the table.
if (isset($form['links']['links'])) {
$menu_link_ids = Element::children($form['links']['links']);
......@@ -69,10 +77,16 @@ function menu_perms_per_menu_form_menu_edit_form_alter(&$form, FormStateInterfac
$form['links']['links'][$menu_link_id]['enabled']['#disabled'] = TRUE;
}
// Restrict access to 'Delete' dropbutton.
// Restrict access to 'Delete' in menu link operation dropdown.
if (!$account->hasPermission('delete links in ' . $menu->id() . ' menu from menu interface')) {
unset($form['links']['links'][$menu_link_id]['operations']['#links']['delete']);
}
// Restrict access to 'Add child' in menu link operation dropdown.
// Adding a child link is equivalent of creating/adding a new menu link.
if (!$account->hasPermission('add new links to ' . $menu->id() . ' menu from menu interface')) {
unset($form['links']['links'][$menu_link_id]['operations']['#links']['add-child']);
}
}
}
......
......@@ -94,6 +94,21 @@ class MenuPermsPerMenuTest extends KernelTestBase {
$this->assertNoText('Tools');
}
/**
* Site Manager cannot add a new link in the empty main menu.
*
* Testing permission 'add new links to main menu from menu interface' which
* site manager does not have.
*/
public function testUserDoesNotSeeAddLinkInEmptyMainMenu() {
$request = Request::create('/admin/structure/menu/manage/main');
$response = $this->httpKernel->handle($request)->prepare($request);
$this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
$this->setRawContent($response->getContent());
$this->assertText('There are no menu links yet.');
$this->assertNoLink('Add link');
}
/**
* Site Manager should have a restricted access to the main menu.
*/
......@@ -141,6 +156,12 @@ class MenuPermsPerMenuTest extends KernelTestBase {
$response = $this->httpKernel->handle($request)->prepare($request);
$this->assertEquals(Response::HTTP_FORBIDDEN, $response->getStatusCode());
// Disallowed to add child menu items from admin/structure/menu/manage/main.
$request = Request::create('/admin/structure/menu/manage/main');
$response = $this->httpKernel->handle($request)->prepare($request);
$this->setRawContent($response->getContent());
$this->assertNoLink('Add child');
// Disallowed to edit the link of a menu item.
$request = Request::create('/admin/structure/menu/item/' . $link->id() . '/edit');
$response = $this->httpKernel->handle($request)->prepare($request);
......@@ -161,9 +182,18 @@ class MenuPermsPerMenuTest extends KernelTestBase {
}
/**
* Site Manager should have a full access to the main menu.
* Site Manager should have full access to the footer menu.
*/
public function testFooterMenu() {
// Site manager sees the "Add link" link in the empty footer menu.
$request = Request::create('/admin/structure/menu/manage/footer');
$response = $this->httpKernel->handle($request)->prepare($request);
$this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
$this->setRawContent($response->getContent());
$this->assertText('There are no menu links yet.');
$this->assertLink('Add link');
// Add dummy menu item.
$link = MenuLinkContent::create([
'title' => 'Test menu item',
......@@ -183,6 +213,12 @@ class MenuPermsPerMenuTest extends KernelTestBase {
$this->setRawContent($response->getContent());
$this->assertLinkByHref('admin/structure/menu/manage/footer/add');
// Allowed to add child menu items from admin/structure/menu/manage/footer.
$request = Request::create('/admin/structure/menu/manage/footer');
$response = $this->httpKernel->handle($request)->prepare($request);
$this->setRawContent($response->getContent());
$this->assertLink('Add child');
// Allowed to edit menu items.
$request = Request::create('/admin/structure/menu/item/' . $link->id() . '/edit');
$response = $this->httpKernel->handle($request)->prepare($request);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment